Researchers discovered two new vulnerabilities known as TPM-FAIL in Intel firmware-based TPM (fTPM) and STMicroelectronics' TPM chips that could be used by hackers to steal their targets' cryptographic keys.
TPM (short for Trusted Platform Module) is a chip used as a root of trust for a device's OS that can store highly sensitive data such as security keys, protecting them from malicious tools such as implanted rootkits or malware dropped by a threat actor.
The two vulnerabilities allow hackers to circumvent this security shield and steal the data stored within a TPM. Once they have their hands on your signing keys, the attackers can forge digital signatures that can be used to tamper with the operating systems or to bypass authentication on the compromised machine.
The TPM-FAIL side-channel attacks
demonstrated by the researchers take advantage of a "leakage of the length of the nonce, which can easily be exploited using a lattice attack."
